@pnpm/npm-conf
Advanced tools
@pnpm/npm-conf - npm Package Compare versions
Comparing version 2.0.2 to 2.0.3
| 'use strict'; | ||
| const fs = require('fs'); | ||
| const path = require('path'); | ||
| const envReplace = require('@npmcli/config/lib/env-replace.js'); | ||
| // https://github.com/npm/cli/blob/latest/lib/config/core.js#L406-L420 | ||
| const envReplace = str => { | ||
| if (typeof str !== 'string' || !str) { | ||
| return str; | ||
| } | ||
| // Replace any ${ENV} values with the appropriate environment | ||
| const regex = /(\\*)\$\{([^}]+)\}/g; | ||
| return str.replace(regex, (orig, esc, name) => { | ||
| esc = esc.length > 0 && esc.length % 2; | ||
| if (esc) { | ||
| return orig; | ||
| } | ||
| if (process.env[name] === undefined) { | ||
| throw new Error(`Failed to replace env in config: ${orig}`); | ||
| } | ||
| return process.env[name]; | ||
| }); | ||
| }; | ||
| // https://github.com/npm/cli/blob/latest/lib/config/core.js#L359-L404 | ||
@@ -73,3 +50,3 @@ const parseField = (types, field, key) => { | ||
| field = envReplace(field); | ||
| field = envReplace(field, process.env); | ||
@@ -76,0 +53,0 @@ if (isPath) { |
| { | ||
| "name": "@pnpm/npm-conf", | ||
| "version": "2.0.2", | ||
| "version": "2.0.3", | ||
| "description": "Get the npm config", | ||
@@ -24,2 +24,3 @@ "license": "MIT", | ||
| "dependencies": { | ||
| "@npmcli/config": "^6.1.0", | ||
| "@pnpm/network.ca-file": "^1.0.1", | ||
@@ -26,0 +27,0 @@ "config-chain": "^1.1.11" |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-3.85%
25
Worsened metrics
- Total package byte prevSize
- decreased by-1.48%
28156
- Dependency count
- increased by50%
3
- Lines of code
- decreased by-1.91%
874
Dependency changes
+ Added@npmcli/config@^6.1.0
+ Added@isaacs/cliui@8.0.2(transitive)
+ Added@npmcli/config@6.4.1(transitive)
+ Added@npmcli/map-workspaces@3.0.6(transitive)
+ Added@npmcli/name-from-folder@2.0.0(transitive)
+ Added@pkgjs/parseargs@0.11.0(transitive)
+ Addedabbrev@2.0.0(transitive)
+ Addedansi-regex@5.0.16.1.0(transitive)
+ Addedansi-styles@4.3.06.2.1(transitive)
+ Addedbalanced-match@1.0.2(transitive)
+ Addedbrace-expansion@2.0.1(transitive)
+ Addedci-info@4.0.0(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedcross-spawn@7.0.3(transitive)
+ Addedeastasianwidth@0.2.0(transitive)
+ Addedemoji-regex@8.0.09.2.2(transitive)
+ Addedforeground-child@3.3.0(transitive)
+ Addedglob@10.4.5(transitive)
+ Addedini@4.1.3(transitive)
+ Addedis-fullwidth-code-point@3.0.0(transitive)
+ Addedisexe@2.0.0(transitive)
+ Addedjackspeak@3.4.3(transitive)
+ Addedjson-parse-even-better-errors@3.0.2(transitive)
+ Addedlru-cache@10.4.3(transitive)
+ Addedminimatch@9.0.5(transitive)
+ Addedminipass@7.1.2(transitive)
+ Addednopt@7.2.1(transitive)
+ Addednpm-normalize-package-bin@3.0.1(transitive)
+ Addedpackage-json-from-dist@1.0.1(transitive)
+ Addedpath-key@3.1.1(transitive)
+ Addedpath-scurry@1.11.1(transitive)
+ Addedproc-log@3.0.0(transitive)
+ Addedread-package-json-fast@3.0.2(transitive)
+ Addedsemver@7.6.3(transitive)
+ Addedshebang-command@2.0.0(transitive)
+ Addedshebang-regex@3.0.0(transitive)
+ Addedsignal-exit@4.1.0(transitive)
+ Addedstring-width@4.2.35.1.2(transitive)
+ Addedstrip-ansi@6.0.17.1.0(transitive)
+ Addedwalk-up-path@3.0.1(transitive)
+ Addedwhich@2.0.2(transitive)
+ Addedwrap-ansi@7.0.08.1.0(transitive)